<?php
//=======================================
//###################################
// Kayako Web Solutions
//
// Source Copyright 2001-2004 Kayako Web Solutions
// Unauthorized reproduction is not allowed
// License Number: $%LICENSE%$
// $Author: mslaria $ ($Date: 2006/10/06 15:42:01 $)
// $RCSfile: admin_staff.php,v $ : $Revision: 1.12 $ 
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
//
//###################################
//=======================================


if (!defined("INSWIFT")) {
	trigger_error("Unable to process $PHP_SELF", E_USER_ERROR);
}


if (!$staffauth->isAdmin()) {
	trigger_error("You do not have permission to access $PHP_SELF", E_USER_ERROR);
}


require_once ("./includes/functions_staff.php");
$staff = new Staff;

require_once ("./includes/functions_html.php");
$template->loadLanguageSection("staff");
$template->loadLanguageSection("admin_staffpermissions");


/**
* ###############################################
* FUNCTION DECLARATIONS
* ###############################################
*/

/**
* Callback for parsing staff data
*/
function _staffFields($arg)
{
	global $_SWIFT;
	$record = &$arg[0];
	$fields = &$arg[1];

	$record["staff.fullname"] = '<a href="index.php?_m=core&_a=editstaff&staffid='. $record["staffid"] .'">'.$record["fullname"].'</a>';
	$record["staff.username"] = $record["username"];
	$record["staff.staffid"] = $record["staffid"];
	$record["staffgroup.title"] = $record["title"];

	$record["options"] = '<a href="index.php?_m=core&_a=editstaff&staffid='. $record["staffid"] .'" title="'. $_SWIFT["language"]["edit"] .'"><img src="'. $_SWIFT["themepath"] .'icon_edit.gif" border="0">&nbsp;'. $_SWIFT["language"]["edit"] .'</a>&nbsp;&nbsp;&nbsp;&nbsp;<a onClick="javascript:doConfirm(\''. $_SWIFT["language"]["actionconfirm"] .'\', \'index.php?_m=core&_a=managestaff&do=delete&staffid='. $record["staffid"] .'\');" href="#" title="'. $_SWIFT["language"]["delete"] .'"><img src="'. $_SWIFT["themepath"] .'icon_delete.gif" border="0">&nbsp;'. $_SWIFT["language"]["delete"] .'</a>&nbsp;';
	return $record;
}

/**
* Mass Action: Delete Staff
*/
function _maDeleteStaff()
{
	global $_SWIFT, $staff;

	if (!is_array($_POST["itemid"]) || $_SWIFT["isdemo"] == true)
	{
		return false;
	}

	// See if the array contains the same staff id as this user
	if (in_array($_SWIFT["staff"]["staffid"], $_POST["itemid"]))
	{
		$_SWIFT["infomessage"] = sprintf($_SWIFT["language"]["staffdeletefailedsame"], $_SWIFT["staff"]["username"]);
		return false;
	}

	$staff->deleteStaff($_POST["itemid"]);
}

/**
* Callback for parsing staff groups
*/
function _staffGroupFields($arg)
{
	global $_SWIFT;
	$record = &$arg[0];
	$fields = &$arg[1];

	$record["isadmin"] = iif($record["isadmin"]==1, $_SWIFT["language"]["yes"], $_SWIFT["language"]["no"]);
	$record["title"] = '<a href="index.php?_m=core&_a=editstaffgroup&staffgroupid='. $record["staffgroupid"] .'">'.htmlspecialchars($record["title"]).'</a>';

	$record["options"] = '<a href="index.php?_m=core&_a=editstaffgroup&staffgroupid='. $record["staffgroupid"] .'" title="'. $_SWIFT["language"]["edit"] .'"><img src="'. $_SWIFT["themepath"] .'icon_edit.gif" border="0">&nbsp;'. $_SWIFT["language"]["edit"] .'</a>&nbsp;&nbsp;&nbsp;&nbsp;<a onClick="javascript:doConfirm(\''. $_SWIFT["language"]["sgroupactionconfirm"] .'\', \'index.php?_m=core&_a=managestaffgroups&do=delete&staffgroupid='. $record["staffgroupid"] .'\');" href="#" title="'. $_SWIFT["language"]["delete"] .'"><img src="'. $_SWIFT["themepath"] .'icon_delete.gif" border="0">&nbsp;'. $_SWIFT["language"]["delete"] .'</a>&nbsp;';
	return $record;
}

/**
* Mass Action: Delete Staff Groups
*/
function _maDeleteStaffGroups()
{
	global $_SWIFT, $staff;

	if (!is_array($_POST["itemid"]) || $_SWIFT["isdemo"] == true)
	{
		return false;
	}

	// See if the array contains the same staff id as this user
	if (in_array($_SWIFT["staff"]["staffgroupid"], $_POST["itemid"]))
	{
		//$_SWIFT["infomessage"] = sprintf($_SWIFT["language"]["staffdeletefailedsame"], $_SWIFT["staff"]["username"]);
		return false;
	}

	$staff->deleteStaffGroups($_POST["itemid"]);
}




/**
* ###############################################
* MANAGE STAFF
* ###############################################
*/
if ($eventaction == "managestaff")
{
	if ($_GET["do"] == "delete" && $_GET["staffid"] != "")
	{
		if ($_GET["staffid"] == $_SWIFT["staff"]["staffid"])
		{
			$infomessage = sprintf($_SWIFT["language"]["staffdeletefailedsame"], $_SWIFT["staff"]["username"]);
		} else if ($_SWIFT["isdemo"] == true) {
			$infomessage = $_SWIFT["language"]["demomode"];
		} else if (isset($_SWIFT["staffcache"][$_GET["staffid"]])) {
			$infomessage = sprintf($_SWIFT["language"]["staffdeleteconfirm"], $_SWIFT["staffcache"][$_GET["staffid"]]["username"]);
			$staff->deleteStaff(array($_GET["staffid"]));	
		}
	}

	$options["recordsperpage"] = "6";
	$options["sortby"] = "staff.fullname";
	$options["sortorder"] = "asc";
	$options["massaction"][0]["title"] = $_SWIFT["language"]["delete"];
	$options["massaction"][0]["callback"] = "_maDeleteStaff";

	$options["idname"] = "staffid";
	$options["quicksearch"] = true;

	$options["advancedsearch"][0]["title"] = $_SWIFT["language"]["fullname"];
	$options["advancedsearch"][0]["query"] = 'SELECT * FROM `'. TABLE_PREFIX .'staff` AS staff LEFT JOIN `'. TABLE_PREFIX .'staffgroup` AS staffgroup ON (staff.staffgroupid = staffgroup.staffgroupid)  WHERE staff.fullname LIKE \'%$_searchstr%\' LIKE \'%$_searchstr%\' $_sortjoin;';
	$options["advancedsearch"][1]["title"] = $_SWIFT["language"]["username"];
	$options["advancedsearch"][1]["query"] = 'SELECT * FROM `'. TABLE_PREFIX .'staff` AS staff LEFT JOIN `'. TABLE_PREFIX .'staffgroup` AS staffgroup ON (staff.staffgroupid = staffgroup.staffgroupid)  WHERE staff.username LIKE \'%$_searchstr%\' $_sortjoin;';
	$options["advancedsearch"][2]["title"] = $_SWIFT["language"]["email"];
	$options["advancedsearch"][2]["query"] = 'SELECT * FROM `'. TABLE_PREFIX .'staff` AS staff LEFT JOIN `'. TABLE_PREFIX .'staffgroup` AS staffgroup ON (staff.staffgroupid = staffgroup.staffgroupid)  WHERE staff.email LIKE \'%$_searchstr%\' $_sortjoin;';
	$options["advancedsearch"][3]["title"] = $_SWIFT["language"]["staffgroup"];
	$options["advancedsearch"][3]["query"] = 'SELECT * FROM `'. TABLE_PREFIX .'staff` AS staff LEFT JOIN `'. TABLE_PREFIX .'staffgroup` AS staffgroup ON (staff.staffgroupid = staffgroup.staffgroupid)  WHERE staffgroup.title LIKE \'%$_searchstr%\' $_sortjoin;';

	$options["callback"] = "_staffFields";

	$fields[0]["name"] = "staff.fullname";
	$fields[0]["title"] = $_SWIFT["language"]["fullname"];
	$fields[0]["width"] = "";

	$fields[1]["name"] = "staff.username";
	$fields[1]["title"] = $_SWIFT["language"]["username"];
	$fields[1]["width"] = "120";
	$fields[1]["align"] = "center";

	$fields[2]["name"] = "staffgroup.title";
	$fields[2]["title"] = $_SWIFT["language"]["staffgroup"];
	$fields[2]["width"] = "120";
	$fields[2]["align"] = "center";

	$fields[3]["type"] = "custom";
	$fields[3]["name"] = "options";
	$fields[3]["title"] = $_SWIFT["language"]["options"];
	$fields[3]["width"] = "150";
	$fields[3]["align"] = "center";

	$grid = new Grid();

	$interface->adminHeader($_SWIFT["language"]["staff"]." > ".$_SWIFT["language"]["managestaff"], 2);

	$interface->adminNavBar('<a href="index.php?_m=core&_a=dashboard" title="'.$_SWIFT["language"]["dashboard"].'">'.$_SWIFT["language"]["dashboard"].'</a> &raquo; <a href="index.php?_m=core&_a=managestaff" title="'.$_SWIFT["language"]["staff"].'">'.$_SWIFT["language"]["staff"].'</a> &raquo; <a href="index.php?_m=core&_a=managestaff" title="'.$_SWIFT["language"]["manage"].'">'.$_SWIFT["language"]["manage"].'</a>', $_SWIFT["language"]["desc_staff"] , -1);

	$grid->start("staff", $_SWIFT["language"]["stafflist"], 'SELECT * FROM `'. TABLE_PREFIX .'staff` AS staff LEFT JOIN `'. TABLE_PREFIX .'staffgroup` AS staffgroup ON (staff.staffgroupid = staffgroup.staffgroupid) $_sortjoin;', 'SELECT COUNT(*) AS totalitems FROM `'. TABLE_PREFIX .'staff` AS staff LEFT JOIN `'. TABLE_PREFIX .'staffgroup` AS staffgroup ON (staff.staffgroupid = staffgroup.staffgroupid);', 'SELECT * FROM `'. TABLE_PREFIX .'staff` AS staff LEFT JOIN `'. TABLE_PREFIX .'staffgroup` AS staffgroup ON (staff.staffgroupid = staffgroup.staffgroupid)  WHERE staff.fullname LIKE \'%$_searchstr%\' OR staff.username LIKE \'%$_searchstr%\' $_sortjoin;', $fields, $options);

	if (trim($_REQUEST["insertstaffid"]) != "")
	{
		$infomessage = sprintf($_SWIFT["language"]["staffinsertconfirm"], $_SWIFT["staffcache"][$_REQUEST["insertstaffid"]]["fullname"]);
	} else if ($_SWIFT["infomessage"] != "") {
		$infomessage = $_SWIFT["infomessage"];
	} else if (!empty($_GET["updatestaffid"])) {
		$infomessage = sprintf($_SWIFT["language"]["staffupdateconfirm"], $_SWIFT["staffcache"][$_GET["updatestaffid"]]["fullname"]);
	}
	
	
	printInfoBox($infomessage);
	
	$grid->display("staff");
	$interface->adminFooter();






/**
* ###############################################
* INSERT NEW STAFF
* ###############################################
*/
} else if ($eventaction == "insertstaff") {
	if ($_POST["step"] == "1")
	{
		if (trim($_POST["fullname"]) == "" || trim($_POST["username"]) == "" || trim($_POST["password"]) == "" || trim($_POST["passwordconfirm"]) == "" || trim($_POST["email"]) == "")
		{
			$errormessage = $_SWIFT["language"]["requiredfieldempty"];
		} else if ($_POST["password"] != $_POST["passwordconfirm"]) {
			$errormessage = $_SWIFT["language"]["passworddontmatch"];
			$_POST["password"] = "";
			$_POST["passwordconfirm"] = "";
		} else if ($_POST["usegroupdep"] != "1" && count($_POST["assigneddepid"]) == 0) {
			$errormessage = $_SWIFT["language"]["selectdepartment"];
		} else if ($_SWIFT["isdemo"] == true) {
			$errormessage = $_SWIFT["language"]["demomode"];
		} else {
			$usernameerror = false;
			foreach ($_SWIFT["staffcache"] as $key=>$val)
			{
				if ($_POST["username"] == $val["username"])
				{
					$usernameerror = true;
				}
			}
			if ($usernameerror)
			{
				$errormessage = $_SWIFT["language"]["usernameexists"];
			} else {
				// Go! Go! Go! Insert the staff
				if ($_POST["usegroupdep"] == "1")
				{
					$groupassigns = true;
				} else {
					$groupassigns = false;
				}

				$staffid = $staff->insertStaff($_POST["fullname"], $_POST["username"], $_POST["password"], $_POST["staffgroupid"], $_POST["email"], $_POST["mobilenumber"], $_POST["signature"], $groupassigns);

				if (!$groupassigns)
				{
					$staff->assignStaff($staffid, $_POST["assigneddepid"]);
				}
		
				rebuildStaffCache();

				printRedirect($_SWIFT["language"]["redirect_staffinsert"], "index.php?_m=core&_a=managestaff&insertstaffid=".$staffid);
				exit;
			}
		}
	}

	$interface->adminHeader($_SWIFT["language"]["staff"]." > ".$_SWIFT["language"]["insertstaff"], 2);

	$interface->adminNavBar('<a href="index.php?_m=core&_a=dashboard" title="'.$_SWIFT["language"]["dashboard"].'">'.$_SWIFT["language"]["dashboard"].'</a> &raquo; <a href="index.php?_m=core&_a=managestaff" title="'.$_SWIFT["language"]["staff"].'">'.$_SWIFT["language"]["staff"].'</a> &raquo; <a href="index.php?_m=core&_a=insertstaff" title="'.$_SWIFT["language"]["insert"].'">'.$_SWIFT["language"]["insert"].'</a>', $_SWIFT["language"]["desc_staff"] , -1);
	
	printInfoBox($infomessage);
	printErrorBox($errormessage);

	displayStaffForm(INSERT);

	$template->assign("backurl", "index.php?_m=core&_a=managestaff");
	$interface->adminFooter();
	






/**
* ###############################################
* MANAGE STAFF GROUPS
* ###############################################
*/
} else if ($eventaction == "managestaffgroups") {
	if ($_GET["do"] == "delete" && $_GET["staffgroupid"] != "")
	{
		if ($_GET["staffgroupid"] == $_SWIFT["staff"]["staffgroupid"])
		{
			$infomessage = sprintf($_SWIFT["language"]["sgroupdeletefailedsame"], $_SWIFT["staffgroupcache"][$_GET["staffgroupid"]]["title"]);
		} else if ($_SWIFT["isdemo"] == true) {
			$infomessage = $_SWIFT["language"]["demomode"];
		} else if (isset($_SWIFT["staffgroupcache"][$_GET["staffgroupid"]])) {
			$infomessage = sprintf($_SWIFT["language"]["sgroupdeleteconfirm"], $_SWIFT["staffgroupcache"][$_GET["staffgroupid"]]["title"]);
			$staff->deleteStaffGroups(array($_GET["staffgroupid"]));
		}
	}

	$options["recordsperpage"] = "6";
	$options["sortby"] = "title";
	$options["sortorder"] = "asc";
	$options["massaction"][0]["title"] = $_SWIFT["language"]["delete"];
	$options["massaction"][0]["callback"] = "_maDeleteStaffGroups";

	$options["idname"] = "staffgroupid";
	$options["quicksearch"] = true;

	$options["advancedsearch"][0]["title"] = $_SWIFT["language"]["fullname"];
	$options["advancedsearch"][0]["query"] = 'SELECT * FROM `'. TABLE_PREFIX .'staff` AS staff LEFT JOIN `'. TABLE_PREFIX .'staffgroup` AS staffgroup ON (staff.staffgroupid = staffgroup.staffgroupid)  WHERE staff.fullname LIKE \'%$_searchstr%\' LIKE \'%$_searchstr%\' $_sortjoin;';
	
	$options["callback"] = "_staffGroupFields";
	$options["confirmmsg"] = $_SWIFT["language"]["sgroupactionconfirm"];

	$fields[0]["name"] = "title";
	$fields[0]["title"] = $_SWIFT["language"]["title"];
	$fields[0]["width"] = "";

	$fields[1]["name"] = "isadmin";
	$fields[1]["title"] = $_SWIFT["language"]["isadmin"];
	$fields[1]["width"] = "120";
	$fields[1]["align"] = "center";

	$fields[2]["type"] = "custom";
	$fields[2]["name"] = "options";
	$fields[2]["title"] = $_SWIFT["language"]["options"];
	$fields[2]["width"] = "150";
	$fields[2]["align"] = "center";

	$grid = new Grid();

	$interface->adminHeader($_SWIFT["language"]["staff"]." > ".$_SWIFT["language"]["managegroups"], 2);

	$interface->adminNavBar('<a href="index.php?_m=core&_a=dashboard" title="'.$_SWIFT["language"]["dashboard"].'">'.$_SWIFT["language"]["dashboard"].'</a> &raquo; <a href="index.php?_m=core&_a=managestaff" title="'.$_SWIFT["language"]["staff"].'">'.$_SWIFT["language"]["staff"].'</a> &raquo; <a href="index.php?_m=core&_a=managestaffgroups" title="'.$_SWIFT["language"]["managegroups"].'">'.$_SWIFT["language"]["managegroups"].'</a>', $_SWIFT["language"]["desc_staff"] , -1);

	$grid->start("staffgroups", $_SWIFT["language"]["staffgroups"], 'SELECT * FROM `'. TABLE_PREFIX .'staffgroup` $_sortjoin;', 'SELECT COUNT(*) AS totalitems FROM `'. TABLE_PREFIX .'staffgroup`;', 'SELECT * FROM `'. TABLE_PREFIX .'staffgroup` WHERE title LIKE \'%$_searchstr%\' $_sortjoin;', $fields, $options);

	if (trim($_REQUEST["insertstaffgroupid"]) != "")
	{
		$infomessage = sprintf($_SWIFT["language"]["staffgroupinsertconfirm"], $_SWIFT["staffgroupcache"][$_REQUEST["insertstaffgroupid"]]["title"]);
	} else if ($_SWIFT["infomessage"] != "") {
		$infomessage = $_SWIFT["infomessage"];
	} else if (!empty($_GET["updatestaffgroupid"])) {
		$infomessage = sprintf($_SWIFT["language"]["staffgroupupdateconfirm"], $_SWIFT["staffgroupcache"][$_REQUEST["updatestaffgroupid"]]["title"]);
	}
	
	
	printInfoBox($infomessage);
	
	$grid->display("staffgroups");
	$interface->adminFooter();







/**
* ###############################################
* INSERT NEW STAFF GROUP
* ###############################################
*/
} else if ($eventaction == "insertstaffgroup") {
	if ($_POST["step"] == "1")
	{
		if (trim($_POST["title"]) == "")
		{
			$errormessage = $_SWIFT["language"]["requiredfieldempty"];
		} else if ($_SWIFT["isdemo"] == true) {
			$errormessage = $_SWIFT["language"]["demomode"];
		} else {
			$staffgroupid = $staff->insertGroup($_POST["title"], iif($_POST["isadmin"]==1, true, false), $_POST["perm"]);

			assignGroup($staffgroupid, $_POST["assigneddepid"]);

			printRedirect($_SWIFT["language"]["redirect_staffgroupinsert"], "index.php?_m=core&_a=managestaffgroups&insertstaffgroupid=".$staffgroupid);
			exit;
		}
	}

	$interface->adminHeader($_SWIFT["language"]["staff"]." > ".$_SWIFT["language"]["insertstaffgroup"], 2);

	$interface->adminNavBar('<a href="index.php?_m=core&_a=dashboard" title="'.$_SWIFT["language"]["dashboard"].'">'.$_SWIFT["language"]["dashboard"].'</a> &raquo; <a href="index.php?_m=core&_a=managestaff" title="'.$_SWIFT["language"]["staff"].'">'.$_SWIFT["language"]["staff"].'</a> &raquo; <a href="index.php?_m=core&_a=insertstaffgroup" title="'.$_SWIFT["language"]["insertstaffgroup"].'">'.$_SWIFT["language"]["insertstaffgroup"].'</a>', $_SWIFT["language"]["desc_staff"] , -1);
	
	printInfoBox($infomessage);
	printErrorBox($errormessage);

	renderStaffGroupForm(INSERT);

	$template->assign("backurl", "index.php?_m=core&_a=managestaffgroups");
	$interface->adminFooter();




/**
* ###############################################
* EDIT STAFF
* ###############################################
*/
} else if ($eventaction == "editstaff") {
	$_staff = $dbCore->queryFetch("SELECT * FROM `". TABLE_PREFIX ."staff` AS staff LEFT JOIN `". TABLE_PREFIX ."staffgroup` AS staffgroup ON (staff.staffgroupid = staffgroup.staffgroupid) WHERE staff.staffid = '". intval($_REQUEST["staffid"]) ."';");
	if (empty($_staff["staffid"]))
	{
		trigger_error($_SWIFT["language"]["invalidstaff"], E_USER_ERROR);
	}
	unset($_staff["password"]);

	if ($_POST["step"] == "1")
	{
		if (trim($_POST["fullname"]) == "" || trim($_POST["username"]) == "" || trim($_POST["email"]) == "")
		{
			$errormessage = $_SWIFT["language"]["requiredfieldempty"];
		} else if (trim($_POST["password"]) != "" && $_POST["password"] != $_POST["passwordconfirm"]) {
			$errormessage = $_SWIFT["language"]["passworddontmatch"];
			$_POST["password"] = "";
			$_POST["passwordconfirm"] = "";
		} else if ($_POST["usegroupdep"] != "1" && !count($_POST["assigneddepid"])) {
			$errormessage = $_SWIFT["language"]["selectdepartment"];
		} else if ($_SWIFT["isdemo"] == true) {
			$errormessage = $_SWIFT["language"]["demomode"];
		} else {
			$usernameerror = $grouperror = $admincheck = false;

			foreach ($_SWIFT["staffcache"] as $key=>$val)
			{
				$_isadmin = $_SWIFT["staffgroupcache"][$val["staffgroupid"]]["isadmin"];

				if ($_POST["username"] == $val["username"] && $_POST["username"] != $_staff["username"])
				{
					$usernameerror = true;
				} else if ($_staff["staffid"] != $val["staffid"] && $_isadmin == 1) {
					$admincheck = true;
				}
			}

			if ($admincheck == false && $_staff["isadmin"] == 1 && $_SWIFT["staffgroupcache"][$_POST["staffgroupid"]]["isadmin"] == 0)
			{
				// This is the only admin user we have got and he is trying to change his group to a non admin user? dont allow him to do so! We already receive a plethora of support tickets and every less bit counts..
				$grouperror = true;
			}

			if ($usernameerror)
			{
				$errormessage = $_SWIFT["language"]["usernameexists"];
			} else if ($grouperror == true) {
				$errormessage = $_SWIFT["language"]["grouperror"];
			} else {
				// Update the staff..
				if ($_POST["usegroupdep"] == "1")
				{
					$groupassigns = true;
				} else {
					$groupassigns = false;
				}

				updateStaff($_staff["staffid"], $_POST["fullname"], $_POST["username"], $_POST["password"], $_POST["staffgroupid"], $_POST["email"], $_POST["mobilenumber"], $_POST["signature"], $groupassigns);

				clearStaffAssigns($_staff["staffid"]);

				if (!$groupassigns)
				{
					$staff->assignStaff($_staff["staffid"], $_POST["assigneddepid"]);
				}

				printRedirect(sprintf($_SWIFT["language"]["staffupdateconfirm"], htmlspecialchars($_staff["fullname"])), "index.php?_m=core&_a=managestaff&updatestaffid=".$_staff["staffid"]);
				exit;
			}
		}
	}

	$_POST = array_merge($_staff, $_POST);

	$interface->adminHeader($_SWIFT["language"]["staff"]." > ".$_SWIFT["language"]["editstaff"], 2);

	$interface->adminNavBar('<a href="index.php?_m=core&_a=dashboard" title="'.$_SWIFT["language"]["dashboard"].'">'.$_SWIFT["language"]["dashboard"].'</a> &raquo; <a href="index.php?_m=core&_a=managestaff" title="'.$_SWIFT["language"]["staff"].'">'.$_SWIFT["language"]["staff"].'</a> &raquo; <a href="index.php?_m=core&_a=editstaff&staffid='. intval($_staff["staffid"]) .'" title="'.htmlspecialchars($_staff["fullname"]).'">'.htmlspecialchars($_staff["fullname"]).'</a>', $_SWIFT["language"]["desc_staff"] , -1);
	
	printInfoBox($infomessage);
	printErrorBox($errormessage);

	displayStaffForm(EDIT);

	$template->assign("backurl", "index.php?_m=core&_a=managestaff");
	$interface->adminFooter();








/**
* ###############################################
* EDIT STAFF GROUP
* ###############################################
*/
} else if ($eventaction == "editstaffgroup") {
	// Fetch the staff group
	$_staffgroup = $dbCore->queryFetch("SELECT * FROM `". TABLE_PREFIX ."staffgroup` WHERE `staffgroupid` = '". intval($_REQUEST["staffgroupid"]) ."';");
	if (empty($_staffgroup["staffgroupid"]))
	{
		trigger_error($_SWIFT["language"]["invalidstaffgroup"], E_USER_ERROR);
		exit;
	}

	// Ok.. now fetch the permissions.
	global $permissions;
	$permissions = array();

	$dbCore->query("SELECT * FROM `". TABLE_PREFIX ."staffgroupsettings` WHERE `staffgroupid` = '". intval($_staffgroup["staffgroupid"]) ."';");
	while ($dbCore->nextRecord())
	{
		$permissions[$dbCore->Record["name"]] = $dbCore->Record["value"];
	}
	

	// ======= PROCESSING =======
	if ($_POST["step"] == "1")
	{
		if (trim($_POST["title"]) == "")
		{
			$errormessage = $_SWIFT["language"]["requiredfieldempty"];
		} else if ($_SWIFT["isdemo"] == true) {
			$errormessage = $_SWIFT["language"]["demomode"];
		} else {
			// Iterate through all other groups and do an admin check
			$admincheck = false;
			foreach ($_SWIFT["staffgroupcache"] as $key=>$val)
			{
				if ($val["staffgroupid"] != $_staffgroup["staffgroupid"] && $val["isadmin"] == 1)
				{
					$admincheck = true;
				}
			}

			if ($_POST["isadmin"] == 0 && $_staffgroup["isadmin"] == 1 && $admincheck == false)
			{
				// Raise an error! This user is trying to disable admin priveldges and theres only one group with admin priveledges
				$errormessage = $_SWIFT["language"]["groupadminerror"];
			} else {
				updateStaffGroup($_staffgroup["staffgroupid"], $_POST["title"], iif($_POST["isadmin"]==1, true, false), $_POST["perm"]);

				clearGroupAssigns($_staffgroup["staffgroupid"]);
				assignGroup($_staffgroup["staffgroupid"], $_POST["assigneddepid"]);

				printRedirect(sprintf($_SWIFT["language"]["staffgroupupdateconfirm"], htmlspecialchars($_staffgroup["title"])), "index.php?_m=core&_a=managestaffgroups&updatestaffgroupid=".$_staffgroup["staffgroupid"]);
				exit;
			}
		}
	}
	$_POST = array_merge($_POST, $_staffgroup);

	$interface->adminHeader($_SWIFT["language"]["staff"]." > ".$_SWIFT["language"]["editstaffgroup"], 2);

	$interface->adminNavBar('<a href="index.php?_m=core&_a=dashboard" title="'.$_SWIFT["language"]["dashboard"].'">'.$_SWIFT["language"]["dashboard"].'</a> &raquo; <a href="index.php?_m=core&_a=managestaffgroups" title="'.$_SWIFT["language"]["staffgroups"].'">'.$_SWIFT["language"]["staffgroups"].'</a> &raquo; <a href="index.php?_m=core&_a=editstaffgroup&staffgroupid='. intval($_staffgroup["staffgroupid"]) .'" title="'.htmlspecialchars($_staffgroup["title"]).'">'.htmlspecialchars($_staffgroup["title"]).'</a>', $_SWIFT["language"]["desc_staff"] , -1);
	
	printInfoBox($infomessage);
	printErrorBox($errormessage);

	renderStaffGroupForm(EDIT);

	$template->assign("backurl", "index.php?_m=core&_a=managestaffgroups");
	$interface->adminFooter();









/**
* ###############################################
* MASS MAIL
* ###############################################
*/
} else if ($eventaction == "staffmassmail") {
	if ($_POST["step"] == "1")
	{
		if (trim($_POST["subject"]) == "" || trim($_POST["contents"]) == "")
		{
			$errormessage = $_SWIFT["language"]["requiredfieldempty"];
		} else if (!_is_array($_POST["staffgroupidlist"])) {
			$errormessage = $_SWIFT["language"]["selectonegroup"];
		} else if ($_SWIFT["isdemo"] == true) {
			$errormessage = $_SWIFT["language"]["demomode"];
		} else {
			// Get the list of all staff under the specified group
			$mailcount = sendMassMail($_POST["staffgroupidlist"], $_POST["subject"], $_POST["contents"]);

			printRedirect(sprintf($_SWIFT["language"]["sentmailconfirm"], $mailcount), "index.php?_m=core&_a=staffmassmail&mailcount=".$mailcount);
			exit;
		}
	}
	//Mahesh Slaria: Fixed Mass mail HTML tags problem.
	if ($_SWIFT["settings"]["cpu_enablehtmlmails"] == 1)
	{
		$template->assign("htmlarea", true);
	}
	if (trim($_GET["mailcount"]) != "")
	{
		$infomessage = sprintf($_SWIFT["language"]["sentmailconfirm"], $_GET["mailcount"]);
	}

	$interface->adminHeader($_SWIFT["language"]["staff"]." > ".$_SWIFT["language"]["massmail"], 2);

	$interface->adminNavBar('<a href="index.php?_m=core&_a=dashboard" title="'.$_SWIFT["language"]["dashboard"].'">'.$_SWIFT["language"]["dashboard"].'</a> &raquo; <a href="index.php?_m=core&_a=managestaff" title="'.$_SWIFT["language"]["staff"].'">'.$_SWIFT["language"]["staff"].'</a> &raquo; <a href="index.php?_m=core&_a=staffmassmail" title="'.$_SWIFT["language"]["massmail"].'">'.$_SWIFT["language"]["massmail"].'</a>', $_SWIFT["language"]["desc_staff"] , -1);
	
	printInfoBox($infomessage);
	printErrorBox($errormessage);

	printFormStart("massmailform");
	printMainTableHeader($_SWIFT["language"]["massmail"]);

	printTextRow("subject", $_SWIFT["language"]["subject"], $_SWIFT["language"]["desc_subject"], "text", $_POST["subject"], "50");
	
	$options = array();
	$cnt = 0;
	foreach ($_SWIFT["staffgroupcache"] as $key=>$val)
	{
		$options[$cnt]["title"] = $val["title"];
		$options[$cnt]["value"] = $key;
		$options[$cnt]["checked"] = true;
		$cnt++;
	}
	printCheckboxListRow("staffgroupidlist", $_SWIFT["language"]["mailstaffgroup"], $_SWIFT["language"]["desc_mailstaffgroup"], $options);

	if ($_SWIFT["settings"]["cpu_enablehtmlmails"] == 1)
	{
		printhtmlAreaRow("contents", $_SWIFT["language"]["mmcontents"], $_POST["contents"]);
	} else {
		printDescRow($_SWIFT["language"]["mmcontents"]);
		$data = array();
		$data[0]["value"] = '<textarea style="WIDTH:100%;" name="contents" cols="100" rows="15">'. htmlspecialchars($_POST["contents"]) .'</textarea>'.SWIFT_CRLF;
		$data[0]["align"] = "center";
		$data[0]["colspan"] = "2";
		printDataRow($data);		
	}
	
	printSubmitRow($_SWIFT["language"]["send"]);

	printMainTableFooter();

	addHiddenField("_m", "core");
	addHiddenField("_a", "staffmassmail");
	addHiddenField("step", "1");
	printFormEnd();

	$template->assign("backurl", "index.php?_m=core&_a=managestaff");
	$interface->adminFooter();
}
?>